#!/bin/sh
#
# ssl_vncviewer: wrapper for vncviewer to use stunnel SSL tunnel.
#
# You must have stunnel(8) installed on the system and in your
# PATH (n.b. stunnel is usually in an sbin subdir).
#
# You should have "x11vnc -ssl ..." or "x11vnc -stunnel ..."
# running as the VNC server.
#
# usage: ssl_vncviewer [cert-args] host:display <vncviewer-args>
#
# e.g.: ssl_vncviewer snoopy:0
# ssl_vncviewer snoopy:0 -encodings "copyrect tight zrle hextile"
#
# [cert-args] can be:
# -verify /path/to/cacert.pem
# -mycert /path/to/mycert.pem
#
# -verify specifies a CA cert PEM file (or a self-signed one) for
# authenticating the VNC server. Without it no CA or verify level is set.
#
# -mycert specifies this client's cert+key PEM file for the VNC server to
# authenticate this client.
#
# Viewer program started once the tunnel is up.
VNCVIEWERCMD="vncviewer"

# stunnel usually lives in an sbin directory. These directories are appended,
# so anything already on the caller's PATH is still searched first.
PATH="$PATH:/usr/sbin:/usr/local/sbin:/dist/sbin"
export PATH
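# Print the usage text: lines 2 through 26 of this script, i.e. the comment
# header that follows the #! line.
# "$0" is quoted so a script path containing whitespace still works, and a
# single sed replaces `head -26 | tail +2`, whose obsolete `+N` form is not
# accepted by every tail implementation.
help() {
  sed -n '2,26p' "$0"
}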
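# Consume the leading ssl_vncviewer options and stop at the first argument
# that is not one of ours (normally host:display).
#
# verify and mycert are cleared first: both end up in the stunnel
# configuration, and without this a variable of the same name inherited from
# the environment would be used when the option is not given.
verify=""
mycert=""
while [ -n "$1" ]; do
  case "$1" in
    -verify)
      # CA file or directory used to authenticate the VNC server.
      if [ $# -lt 2 ]; then
        echo "ssl_vncviewer: -verify requires an argument" 1>&2
        exit 1
      fi
      verify="$2"
      shift
      ;;
    -mycert)
      # Client cert+key PEM file presented to the VNC server.
      if [ $# -lt 2 ]; then
        echo "ssl_vncviewer: -mycert requires an argument" 1>&2
        exit 1
      fi
      mycert="$2"
      shift
      ;;
    -h*)
      help
      exit 0
      ;;
    *)
      break
      ;;
  esac
  shift
done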
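# The first remaining argument names the VNC server as host[:display];
# everything after it is passed to the viewer untouched.
orig="$1"
if [ $# -gt 0 ]; then
  shift
fi

# A bare host means display 0.
case "$orig" in
  *:*) ;;
  *) orig="$orig:0" ;;
esac
host=$(printf '%s\n' "$orig" | awk -F: '{print $1}')
disp=$(printf '%s\n' "$orig" | awk -F: '{print $2}')

# The value after the colon goes into a numeric test and then into the
# stunnel "connect" line, so reject anything that is not a plain
# non-negative integer instead of continuing with an unset port.
case "$disp" in
  '' | *[!0-9]*)
    echo "ssl_vncviewer: bad display or port in '$orig'" 1>&2
    exit 1
    ;;
esac

# Values below 200 are VNC display numbers (port = 5900 + display).
# The original left port unset for larger values, which produced a
# "connect= host:" line with no port; they are taken as a literal TCP port.
if [ "$disp" -lt 200 ]; then
  port=$(expr "$disp" + 5900)
else
  port=$disp
fi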
# Choose the local port stunnel will listen on.
#
# On Linux, walk 5920..5999 and take the first port that netstat(1) does not
# list in LISTEN state.
# NOTE(review): nothing reserves the chosen port between this check and
# stunnel binding it, so another local process could take it first.
use=""
case "$(uname)" in
  *Linux*)
    inuse=$(netstat -ant | grep LISTEN | awk '{print $4}' | sed 's/^.*://')
    try=5920
    while [ "$try" -lt 6000 ]; do
      if echo "$inuse" | grep -w "$try" > /dev/null; then
        try=$(expr "$try" + 1)
      else
        use=$try
        break
      fi
    done
    ;;
esac

# No port found that way (or not Linux): derive one from the seconds field of
# the current time, giving 5920..5979. This value is not checked against the
# ports already in use.
if [ -z "$use" ]; then
  use=$(date +%S)
  use=$(expr "$use" + 5920)
fi
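# Build the stunnel client configuration and write it to a private temp file.
#
# Server authentication is configured only when -verify was given: a
# directory becomes CApath, anything else CAfile, and "verify = 2" is added.
# Without -verify none of these lines are written, so this configuration does
# not ask stunnel to check the server's certificate.
cert=""
if [ -n "$verify" ]; then
  # Quoted so a CA path containing whitespace is tested correctly.
  if [ -d "$verify" ]; then
    verify="CApath = $verify"
  else
    verify="CAfile = $verify"
  fi
  verify="$verify
verify = 2"
fi
if [ -n "$mycert" ]; then
  cert="cert = $mycert"
fi
##debug = 7

# /tmp/ssl_vncviewer.$$ is a guessable name in a world-writable directory:
# another local user could pre-create it (or plant a symlink there) and have
# this script write through it or read a config they control. Let mktemp pick
# an unpredictable name and create the file itself, mode 0600.
tmp=""
if command -v mktemp > /dev/null 2>&1; then
  tmp=$(mktemp "${TMPDIR:-/tmp}/ssl_vncviewer.XXXXXX") || tmp=""
fi
if [ -z "$tmp" ]; then
  # No usable mktemp: keep the old name, but create the file with noclobber
  # and a tight umask so an already existing file or symlink makes this fail
  # instead of being written to.
  tmp=/tmp/ssl_vncviewer.$$
  if ! (umask 077; set -C; : > "$tmp") 2> /dev/null; then
    echo "ssl_vncviewer: cannot safely create $tmp" 1>&2
    exit 1
  fi
fi
# Remove the file on any exit path, not only after the normal start-up delay.
trap 'rm -f "$tmp"' 0

# "accept" names localhost explicitly: with a bare port stunnel listens on
# all local addresses, which would let other hosts use this tunnel (and any
# client certificate configured above) to reach the VNC server. The viewer
# connects to localhost, so nothing else needs the listener.
cat > "$tmp" <<END
foreground = yes
pid =
client = yes
$verify
$cert
[vnc_stunnel]
accept = localhost:$use
connect= $host:$port
END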
# Show the generated configuration before the tunnel is started.
echo ""
echo "Using this stunnel configuration:"
cat "$tmp"
echo ""
sleep 1

# Start stunnel in the background with stdin/stdout on the terminal, and
# remember its pid so it can be stopped when the viewer exits.
echo "running: stunnel $tmp"
stunnel "$tmp" < /dev/tty > /dev/tty &
pid=$!
echo ""

# Give stunnel time to come up; with -mycert wait longer so the user can
# type a possible passphrase for the key. The config file is removed after
# this fixed delay.
if [ -n "$mycert" ]; then
  sleep 4
fi
sleep 2
rm -f "$tmp"

# Turn the local listening port back into a VNC display number for the
# viewer. n is only set when the port is 5900 or above.
if [ "$use" -ge 5900 ]; then
  n=$(expr "$use" - 5900)
fi

case "$0" in
  *vncip*)
    # hack for runge's special wrapper script vncip.
    vncip "$@" "localhost:$n"
    ;;
  *)
    # VNCVIEWERCMD is left unquoted, as in the original invocation.
    $VNCVIEWERCMD "$@" "localhost:$n"
    ;;
esac

# The viewer has exited: stop the tunnel.
kill $pid